Sla.ckers.org
Ways to improve page rank, or deceptively get more users to your websites or away from your competition. Where you can discuss SEO (search engine optimization) issues as they relate to computer security.
Link via xss
Posted by: lobas
Date: December 19, 2006 03:01AM

I dunno if this is possible,
to be able to get a link somehow with XSS?

Re: Link via xss
Posted by: eyeced
Date: December 19, 2006 11:45AM

Edit: doesn't matter now



Edited 1 time(s). Last edit at 01/20/2007 12:10PM by eyeced.

Re: Link via xss
Posted by: lobas
Date: December 19, 2006 11:56AM

No, I'm talking about SEO,

if I'm able to get links with XSS, as in the user visits XSS on a blog and it adds via HTML post or something?

Re: Link via xss
Posted by: maluc
Date: December 19, 2006 02:38PM

Yes.. but it's not known whether or not spiders are smart enough not to index those..

for example, instead of htp://bank.com/signup.php?name="><script>alert("XSS")</script> .. you could certainly use:

htp://bank.com/signup.php?name="><a href="htp://evil.com/index.html">Keywords Here</a>

but.. I don't know whether or not Google's spiders will apply that to evil.com's PageRank. Also, it's easy to detect with a Google search for link:htp://evil.com/index.html. So whether it's a worthwhile method of SEO, I'm not sure.

-maluc

Re: Link via xss
Posted by: rsnake
Date: December 19, 2006 03:24PM

But what you could do is create a JavaScript that, when viewed by a normal user, automatically posts to the same form the user is visiting so it gets posted on your behalf by that user (which could be an administrator). That's why WordPress has nonces built in, or it would be very easy to do something like this to an administrator. So as far as I know only users are vulnerable.

- RSnake
Gotta love it. http://ha.ckers.org
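
The nonce defence mentioned in the post above, as an added example that is not part of the thread and not WordPress's own code: the server binds a token to the session and the action, and rejects any state-changing request that lacks it. The names `create_nonce`, `verify_nonce`, `handle_add_link`, the `add-link` action and the 12-hour window are assumptions made for illustration.

```python
# Added example, not WordPress's code: an action-bound anti-CSRF nonce.
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)   # server-side secret (assumption: never sent to the client)
TICK_SECONDS = 12 * 60 * 60        # constructed lifetime window


def _tick(now):
    return int(now // TICK_SECONDS)


def _mac(tick, session_id, action):
    # session_id and action are server-chosen values, so "|" is a safe separator here
    msg = f"{tick}|{session_id}|{action}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def create_nonce(session_id, action, now=None):
    """Token the server embeds as a hidden field in the form it renders."""
    now = time.time() if now is None else now
    return _mac(_tick(now), session_id, action)


def verify_nonce(nonce, session_id, action, now=None):
    """Accept the current or previous tick; compare in constant time."""
    if not isinstance(nonce, str):
        return False
    now = time.time() if now is None else now
    current = _tick(now)
    return any(
        hmac.compare_digest(nonce.encode(), _mac(t, session_id, action).encode())
        for t in (current, current - 1)
    )


def handle_add_link(method, session_id, form, now=None):
    """Hypothetical handler for a state-changing request; returns an HTTP status."""
    if method != "POST":
        return 405  # state changes are never accepted over GET
    if not verify_nonce(form.get("nonce"), session_id, "add-link", now):
        return 403  # request did not originate from a form this server rendered
    return 200
```

A nonce of this kind only stops requests forged from another origin; script injected into the same origin can read the hidden field, so the output-encoding fix for the XSS itself is still required.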

Re: Link via xss
Posted by: lobas
Date: December 22, 2006 06:20AM

I've tried creating some kind of post request on WordPress to automatically add a link into the blog roll, but it didn't really work. No way I could find a good way to do it; the only way would be to somehow get the referring blog, hoping it would be the victim's blog, which is a 1% chance.

Re: Link via xss
Posted by: Dave
Date: January 12, 2007 05:34AM

@lobas

That's a nice idea.... you could always check if the referrer of a visitor has "wp-admin" in it, then you could be sure he's the owner of the referring website.

Re: Link via xss
Posted by: rsnake
Date: January 12, 2007 01:50PM

Or you could use the CSS history hack (which I finally got back up online): http://ha.ckers.org/weird/CSS-history-hack.html

- RSnake
Gotta love it. http://ha.ckers.org

Re: Link via xss
Posted by: hackathology
Date: March 28, 2007 03:26AM

Rsnake, nice one to have it up.

http://hackathology.blogspot.com



Edited 1 time(s). Last edit at 03/28/2007 03:29AM by hackathology.

Re: Link via xss
Posted by: anathema
Date: July 08, 2007 02:42PM

I've been using XSS back linking for a while now (about 5 months) and have only XSS'd sites with a higher page rank.

I've seen my site rise up the Google ranks.
I'm not 100% sure it's due to the XSS or other small SEO stuff I've been doing.

My only issue is that to work it I have to create the link, which is the easy part. I then link the ad on a sub-domain of my site so it looks like a link share;

my subdomain links to the high page rank and the high page rank has a link back to my site with the anchor text I'm aiming for.

Just wondering if anyone else is employing this technique and if they have seen any results.

Besides the high page rank, I've also set XSS links from all sites above mine in Google for my keyword of choice.



Edited 1 time(s). Last edit at 07/08/2007 02:44PM by anathema.

Re: Link via xss
Posted by: pr101
Date: July 12, 2007 07:47AM

You can sometimes use the preview button on a, let's say, blog to get a preview page of your post (which contains your URL and spam). By converting the POST to GET you can get a URL of it and use it to submit to Google etc. You are now listed on that blog without having the comment approved.

Re: Link via xss
Posted by: anathema
Date: July 12, 2007 11:55AM

I forgot about that method, I remember using it ages ago.
